CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.1-dev (changelog, source)
Search

Module ZipSlip

Import path

import semmle.javascript.security.dataflow.ZipSlipCustomizations

Classes

AdmZipEntrySource

An archive entry path access using the adm-zip package.

CreateWriteStreamSink

A call to fs.createWriteStream, as a sink for unsafe archive extraction.

FileSystemWriteSink

A file path of a file write, as a sink for unsafe archive extraction.

JSZipFileSource

A relative path from iterating the files in the JSZip object

JSZipFilesSource

A object key in the JSZip files object

Sink

A data flow sink for unsafe archive extraction.

Source

A data flow source for unsafe archive extraction.

UnzipEntrySource

An archive entry path access, as a source for unsafe archive extraction.

Aliases